pleroma-ansible-playbook/tasks/nginx.yml

---
# py-cryptography is needed for self-signed certificates
# we could probably do away with certbot.
- name: Nginx -- Ensuring Nginx dependencies are installed.
  apk:
    name: nginx, certbot, py-cryptography
    state: present

- name: Nginx -- Ensuring that the ssl folder exists
  file:
    name: "{{ pleroma_ssl_folder }}"
    state: directory
    mode: '0700'
    owner: root
    group: root

- name: Nginx -- Ensuring that the ssl private key is generated.
  openssl_privatekey:
    mode: '0400'
    group: root
    owner: root
    path: "{{ pleroma_ssl_privateKeyPath }}"
    size: 4096
    state: present
    type: RSA

- name: Nginx -- Ensuring that the certificate signing request is generated.
  openssl_csr:
    mode: '0400'
    group: root
    owner: root
    path: "{{ pleroma_ssl_csrPath }}"
    privatekey_path: "{{ pleroma_ssl_privateKeyPath }}"
    common_name: "{{ pleroma.config.host }}"

- name: Nginx -- Ensuring the self-signed certificate is generated.
  openssl_certificate:
    path: "{{ pleroma_ssl_selfSignedCertPath }}"
    privatekey_path: "{{ pleroma_ssl_privateKeyPath }}"
    csr_path: "{{ pleroma_ssl_csrPath }}"
    provider: selfsigned

- name: Nginx -- Ensuring the Nginx configuration is present.
  template:
    src: etc_ngnix_confd_pleroma.conf.j2
    dest: /etc/nginx/conf.d/pleroma.conf
    owner: root
    group: root
    mode: '0400'

- name: Nginx -- Ensuring that Nginx is enabled and started.
  service:
    name: nginx
    enabled: yes
    state: started
initial commit 2019-10-02 01:31:38 +01:00			`---`
			`# py-cryptography is needed for self-signed certificates`
			`# we could probably do away with certbot.`
			`- name: Nginx -- Ensuring Nginx dependencies are installed.`
			`apk:`
			`name: nginx, certbot, py-cryptography`
			`state: present`

			`- name: Nginx -- Ensuring that the ssl folder exists`
			`file:`
			`name: "{{ pleroma_ssl_folder }}"`
			`state: directory`
			`mode: '0700'`
			`owner: root`
			`group: root`

			`- name: Nginx -- Ensuring that the ssl private key is generated.`
			`openssl_privatekey:`
			`mode: '0400'`
			`group: root`
			`owner: root`
			`path: "{{ pleroma_ssl_privateKeyPath }}"`
			`size: 4096`
			`state: present`
			`type: RSA`

			`- name: Nginx -- Ensuring that the certificate signing request is generated.`
			`openssl_csr:`
			`mode: '0400'`
			`group: root`
			`owner: root`
			`path: "{{ pleroma_ssl_csrPath }}"`
			`privatekey_path: "{{ pleroma_ssl_privateKeyPath }}"`
change: define pleroma variable as a dictionary 2019-10-07 21:28:53 +01:00			`common_name: "{{ pleroma.config.host }}"`
initial commit 2019-10-02 01:31:38 +01:00
			`- name: Nginx -- Ensuring the self-signed certificate is generated.`
			`openssl_certificate:`
			`path: "{{ pleroma_ssl_selfSignedCertPath }}"`
			`privatekey_path: "{{ pleroma_ssl_privateKeyPath }}"`
			`csr_path: "{{ pleroma_ssl_csrPath }}"`
			`provider: selfsigned`

			`- name: Nginx -- Ensuring the Nginx configuration is present.`
			`template:`
			`src: etc_ngnix_confd_pleroma.conf.j2`
			`dest: /etc/nginx/conf.d/pleroma.conf`
			`owner: root`
			`group: root`
			`mode: '0400'`

			`- name: Nginx -- Ensuring that Nginx is enabled and started.`
			`service:`
			`name: nginx`
			`enabled: yes`
			`state: started`